Understanding Samsung Knox

Samsung, maker of handsets and a wide range of other tech devices, has created a secure Android environment called Knox. It aims to resolve the laundry list of security problems facing IT teams as they struggle to cope with the bring-your-own-device (BYOD) era, in which employees and executives alike demand to be permitted the use of personal devices on corporate networks.

Knox is touted as an all-encompassing security solution, hardening everything from the hardware to the application level to the Android framework itself, but Knox’s smartest (and perhaps most marketable) feature may just be the way it partitions personal from professional use.

The Knox container feature is a second, secure Android environment within the normal operating system. The secure sub-operating system has its own separate home screen, launcher, applications and widgets. All the data and applications stored in the container are completely isolated from the rest of the operating system. No application or process inside the container can interact or communicate with any process outside of it, and vice versa. In other words, you have a standard Android environment and a secure one, and never the twain shall meet, except in certain cases where users can grant applications in the container read-only access to data outside the container (e.g. outside contacts are viewable from inside the container if enabled).

Beyond the barrier itself, all files within the container are encrypted using the Advanced Encryption Standard (AES) cipher with a 256-bit key. Knox also lets IT teams configure and manage a virtual private network for the device on a per-app basis.

Samsung also believes it has substantially increased Android platform security with three new features: Customizable Secure Boot, TrustZone-based Integrity Measurement Architecture (TIMA), and Security Enhancements for Android. Secure boot, the company claims, is the Knox-enabled device’s first line of defense, ensuring that only verified and authorized software can run when the device boots up. TIMA monitors the kernel. The kernel, very simply put, is a fundamental part of nearly every operating system that facilitates communication and processing between the various hardware components and the software running on the device. TIMA watches the kernel and makes sure everything is as it should be, powering down the device if the kernel is compromised or has its integrity violated in some way. Security Enhancements for Android puts certain data and certain apps in isolated areas, so that if an attack or compromise takes place, the impact is minimal and only affects the isolated area in question.

In addition to all this, Knox is loaded with other security management features designed to help IT teams deploy personal, employee-owned Android devices on company networks in such a way that they do not need to worry about malware and other threats coming in from the outside.

Basically, running Knox on your Android device is going to protect you and your employer against the data leakage that often occurs when valuable information is transferred from secure networks (read: work) to less secure networks (read: home). That’s the point: to protect your employer from outside threats while also allowing you to bring your beloved mobile device to work. Knox isn’t necessarily going to protect you from downloading bad applications and infecting your device with malware, so you may want to continue running a dedicated mobile security product.

As with all new things, only time will tell how effective Samsung Knox is. It sure looks great on paper, but Knox is less than a year old. It’s been available to enterprise users in something of a limited release for six months or so, but earlier this month Samsung made Knox available for wider consumer use. That really differentiates Knox from other BYOD solutions, which are typically aimed at corporate customers only. If you try it out, let us know what you think in the comments.